Latest Audit Information & News

THIS WEEK WE TAKE A LOOK AT HOW INTERNAL AUDIT HAS BEEN CHANGING AS A RESULT OF WORKING IN A COVID-19 WORLD.

 

What makes internal audit unique is its strength and experience in managing uncertainty. Uncovering and tackling risk is what internal audit teams were born to do. Surfacing issues to help organizations survive and thrive is all in a day’s work. Organizations around the world are struggling to minimize business disruption from COVID-19 while navigating new realities with lot of this responsibility falls on internal audit.

But right now as leaders and boards grapple to identify direct and indirect COVID-19 related risks and adjust to a new normal, internal audit’s assessment and assurance roles have become so much more invaluable. Here are four ways that internal audit can bring even more value to the organization.

 

1. Decision-making capacity based on accurate data

 

According to a recent COVID-19 Quick Poll by The IIA’s Audit Executive Center®, 78% of chief audit executives and internal audit directors said their initial strategic responses were focused on assessing short-term impact. Other short-term strategies included:

  • Providing COVID-19 updates to the board (72%)

 

  • Revising the business continuity plan (66%)

 

  • Evaluating third-party relationships (59%).

 

  • Internal auditors are key to providing the data-driven short-term risk perspectives that support confident decision-making during this uncertain time. This is obviously very important to both the leadership team and the entire organization, as it helps everyone stay focused on meeting objectives and mitigating risks. Internal auditors must look ahead to future risk, as well as mitigate the present dangers.”

 

2. Organization’s future state need to be kept in mind

COVID-19 brings countless risks (e.g., health and safety of customers and employees, disrupted supply chains, cost reductions, new processes, revenue loss) that need immediate attention, but internal audit also needs to look at emerging or evolving risks that will impact the organization’s future state.

As a result of government initiatives to support organizations through this pandemic, audit teams in some sectors (e.g., government departments and financial services) are even experiencing increased workloads, requiring them to undertake real-time assurance work to effectively tackle emerging risks. “Even as organizations are in the first stages of determining the potential impacts of the coronavirus on their operations, an ancillary risk is emerging—social engineering amid crisis. Cybercriminals are taking advantage of the growing concern over the deadly virus.”

Recent data from Barracuda Networks indicated a 600% increase in phishing e-mails. How will these emerging risks (from phishing emails designed to look like they’re from WHO to fake stimulus check emails) affect your organization in the long run? What internal controls do you currently have in place? Are they sufficient in light of moving to remote workforces and emerging cyber threats? A breach right now could derail the organization in the future. What do you need to do now and who do you need to work with to protect your organization?

Internal auditors must look to future risk, as well as mitigate present dangers. Looking ahead includes impacts on 2020/21 internal audit plans, changes in internal audit methodology, and maybe even reducing overall internal audit activity to deliver value to a downsized organization.

 

 

3. Adoption of an agile audit plan

COVID-19 is causing organizations to adjust business operations and plans rapidly, presenting new ongoing challenges. One of those challenges may be to conduct auditing entirely remotely. The traditional audit plan might not work in this situation, so it might be time to investigate an agile approach, really understand how your organization operates, and ensure that you’re achieving the business acumen element of the IIA Competency Framework.

Instead of the rigid, single-phase planning of a traditional audit, agile auditing centers around fluid, iterative planning on an ongoing basis. There’s a core focus on collaboration and communication between the audit team and stakeholders throughout the entire experience. While audit quality is always a key consideration, the priority is on speed and efficiency over delivering a perfectly polished project at the end. This “try fast, fail fast” design accounts for the unexpected in case the team needs to suddenly shift gears. And while everyone has a different role, the team is trusted to be self-organizing and cross-functional. Agile can be an ideal audit approach while COVID-19 risks and priorities shift quickly, and remote audit teams use technology to stay better connected.

 

 

4. Using technology for keeping track on audits

Some audit projects must go on, even when face-to-face interaction isn’t possible. Thankfully, technology can give auditors a serious advantage here, because it lets you:

Conduct audit interviews and meetings through secure video conferencing.
Get live video feeds of client inventory locations. COVID-19 has made inventory testing one of the biggest challenges for auditors; moving to live video feeds may be inevitable unless you can put off an inventory count. Using recorded video is not recommended; how can you prove authenticity and objectivity?

And, dedicated audit management software like AuditBond further facilitates these new ways of working when everybody is remote, through features like:

A single, united platform to increase collaboration and communication

Workflows that keep remote workers informed on all stages of the audit.

A library of documentation, templates, and workflows at everybody’s fingertips

A complete audit trail, to track everything and ensure your audit work remains defensible to regulators and external auditors.

Of course, there are always upsides and downsides to all technology. On the upside, you’ll save on travel costs; have more in-depth documentation, paper trails, and reporting; and gain added benefits like data analytics and robotic process automation.

But you won’t be able read auditees’ body language or build rapport quite as easily as being in person. It’s all a matter of adjustment and settling into a “new normal.”

 

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on  Germany-  0049 30217 82920 or Switzerland 0041 4350 830 59

 

 

It was once famously said that adversity is the mother of progress in life.

 

With this in mind, this week an experienced Head of Audit takes a look at how leading multinationals are levering the impact of COVID-19 through virtual work by Auditors.

The year 2020 will go down in the history books as one of the most trying years in modern world history. The COVID-19 pandemic has tested nearly every nation, government, business and individual in many unforeseen ways that heavily impact daily life, with additional consequences and impacts likely into the future. This blog post will provide a perspective that includes research along with a personal interview regarding how COVID-19 has impacted the ability of IT audit functions to execute and successfully deliver on their business outcomes and objectives.

Covid-19 resulting into situation that describes several potentially negative impacts to audit functions, such as the inability for auditors to perform routine physical inspections or observations they are accustomed to. Going on to explain obtaining audit evidence in a traditional sense is now more challenging because physical counts of inventory, obtaining original documentation and having direct access to staff to conduct interviews can be more difficult than it was before the pandemic and the increased prevalence of remote work. This may result in auditors having to consider the impacts of these evidence-gathering impacts on the final audit report and offering a modified opinion that takes into account any tests affected by non-standard evidence collection procedures.

To compensate for the lack of physical availability to properly collect evidence, the auditor may consider alternatives to properly form an opinion on controls, including whether inventory inspection or documentation can be observed on an alternate date when attendance is not possible by year end, with audit procedures against intervening transactions performed. Leveraging technology that allows the client to remotely perform a physical inventory count via video feed or share documentation through Dropbox or other secure file-sharing technology might also be necessary.

The remainder of this blog post sheds further light on this topic via recent Question & Answer session with Dawn Vogel, Director of IT Audit at Nelnet. Dawn began with the premise that audit engagements aren’t too different from prior to COVID, although certain challenges are exacerbated:

Q: How has the shift to work from home impacted the ability to plan audits, conduct audits or hold stakeholder meetings such as entrance conferences, as well as draft report reviews, final report issuance,etc.?

A: The shift has forced audit shops to become more mature in their adoption of agile audit techniques (Agile auditing is designed to be flexible and iterative. This means that rather than rigid internal audit plans, there’s a continually updated backlog of audits and projects, prioritized based on risks and company needs that can be undertaken once resources are available). The shift has required audit to focus on what is really necessary to meet the objectives of an audit (most viable product). Take a cycle audit for example. An email or phone call discussing the objectives of an audit and confirming any changes may suffice in lieu of a formal entrance conference. Documenting only the key points and using more informal communication saves time as it’s sometimes easier to complete tasks for both parties within a certain timeframe. The same holds true for issues and reports; there are efficient ways of communicating based on the desired outcome.

On the negative side, sometimes this flexibility gets to the point of delaying tasks to the last possible minute, so it’s important to have regular communication (e.g., stand-ups or routine ceremonies) in a way that people can digest. It’s becoming harder to obtain information if you are not working the way your customers work, so our department is moving toward a workflow-based system and away from email. It’s important to have clear direction on projects so that employees know what they can do to be productive during any periods of downtime.

Q: How has the shift to work from home impacted team morale or the quality of work the audit team is producing? Is energy from the audit team and engagement levels decreasing/increasing, etc.?

A: Given the length of the pandemic and the uncertainty of how long it will last, morale can be perceived at times to be lower generally. There are typically ebbs and flows to morale, but this is making the ebbs longer and deeper. Everyone has a different situation, so it’s also important to understand what the team or an individual’s needs are. It’s more difficult to read body language and tone over video conferencing, but it’s a new skill people need to learn. Now more than ever, it’s important to have non-work-related connection time, and it must be built into the workday. It can be helpful to send routine, but quick IM messages and schedule short one-on-one meetings to keep connections strong.

While the quality of work has not changed, it sometimes takes longer to get there. It’s easier for people to ignore information requests when you can’t walk to their desk. They can ignore phone calls, voicemails, IMs, emails, and meeting requests until they are ready to gather the information. Relationship-building and understanding objectives and impacts of requests are of utmost importance. An auditor is much more likely to be timely when we are working like the business area, so it is important for IT auditors to adopt agile methods and workflow applications.

Q: How has the shift to work from home impacted relationships with audit customers?

A: In some respects, the shift to work from home has provided a bonding experience between audit and its customers. We are all on the same playing field and we have had to work together to find creative solutions to issues that work for both parties. Everyone can more easily relate to technical difficulties these days! The same audit deadlines exist – however, audit teams often aren’t able to communicate immediately due to other priorities and possible technical issues. When you aren’t able to physically see a control operate as you did in the past, you have to work together to find ways to meet the objective. It has required audit to provide more information on why we are doing what we are doing along with the desired outcome, and that helps the customer more than asking for a particular document.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on  Germany-  0049 30217 82920 or Switzerland 0041 4350 830 59

 

 

 

COVID-19 Pandemic worsening the Cybersecurity Risks

Just like every other crisis, the COVID-19 pandemic has rocked the boats of most businesses. The fact that it has discouraged physical interactions has forced enterprises to embrace work from home initiatives. Most companies have had to increase their reliance on collaborative technology to keep their business operations afloat.

Sadly, while businesses are busy adapting to the new normal, hackers and threat actors have been taking advantage of the security loophole introduced by working from home. Most of these loopholes have been around for a long time, but the pandemic aggravates the threats they pose. If your business fails to look for solutions to these threats, you stand to lose a lot. Here are five cybersecurity threats that have been made worse by the pandemic:

Poor Physical Security: It is tough to predict who your employees interact and live with at home. In some cases, the threat actors could also be neighbours. In the office environment, it is pretty easy to achieve physical security. Employees can store sensitive documents under lock and key. Your office environment is a sanctuary for your business operations, with little to no intrusion from the outside world. The situation can be reversed when working from home. Employees who aren’t aware of common cybersecurity threats could leave sensitive documents lying around anywhere. They could also forget to turn off their computer screens when interacting with friends and neighbours. As for the disposal of confidential documents, employees may lack shredders at home to make the data unrecognizable. All these factors make it easier for threat actors to gain access to your corporate data.

Corporate leaders can implement cloud storage solutions to limit the amount of data employees store physically. Training employees on the best practices for physical security will also ensure that corporate data is safe, even while working remotely.

Phishing Attacks: Exception to the norm, employees now have to communicate heavily through phone calls, emails, and social platforms. As such, it is easier for cybercriminals to send out phishing scams. A hacker could easily send out emails to an unknowing employee in the façade of a trusted authority in your business. If your employee isn’t careful enough, they could click on the email and end up downloading malware. In other cases, these attacks result in the employees offering threat actors private information about the company or even sending out unwarranted payments. Aside from these direct attacks, hackers have also been preying on the need to know for all things COVID-19-related.

There has been a spike in the number of fraudulent links being shared on social media that claim to provide COVID-19-related information. Something as simple as an employee clicking on these links could be detrimental to your data security. The best way to tackle this threat would be to hire security experts to educate employees on how to spot and avoid current and emerging phishing attacks.

The Use of Unsecured Devices: It is easier for a business to control its cybersecurity posture when employees are working in-house. Since most of the devices they use are provided by your company, implementing the necessary cybersecurity control measures is straightforward. Also, you could send out updates anytime with little friction. In the case of BYOD (Bring Your Own Device) policies, most businesses have implemented practices that have ensured that employee’s devices have the latest security updates. Sadly, controlling all of this isn’t as easy when employees are working from home.

It can be tough to send updates to all devices employees could use when logging into corporate networks. Even worse, some employees may connect to corporate accounts through Wi-Fi networks that aren’t secure enough. As soon as a hacker identifies such threats, your business is in trouble. Business leaders can keep this threat at bay by creating and implementing policies that outline the kind of devices employees should use to access corporate data. These policies can also contain security best practices and outline how to handle software updates. Another valid option would be to implement data masking techniques like encryption.

Shadow IT: Shadow IT has always been an issue even before the pandemic hit. Employees who are always looking for more effortless ways to do their job are known to use unsanctioned apps from time to time. Sure, not all apps pose security risks, but a data breach might need only having a single employee uses a malware-infested application. What’s even worse is that IT departments might not know that employees are using these unsanctioned apps. When employees were working in the office, it was easier to spot the use of unsanctioned apps. However, with more employees working remotely, they have the freedom to design their work environment, and this includes the apps they can use. Sure, IT departments might offer a list of sanctioned apps, but most employees will use other alternatives if the sanctioned ones can’t make their work easier.

IT departments can take this menace by containerizing their corporate data on employee’s devices and involving employees in picking the ideal organizational tools for their jobs. Besides giving you more control over what employees can do with corporate data, containerization un-complicates most security complexities that come with remote work.

Insider Threats: Insider threats occur when employees expose sensitive corporate data either intentionally or unintentionally. With the stress levels brought about by COVID-19 and its effects on most employees’ finances, most people could be looking for additional income sources. Employees who have had to take a pay cut or were laid off might be disgruntled to the point of selling your data. In other cases, the lack of a nearby IT department to approach security concerns also increases the chances that employees will make costly mistakes. While IT departments might be reached through a phone call, there are instances where the responsible people might be out of reach.

Having employees sign, NDAs could help mitigate common insider threats from disgruntled staff members. As for common security errors employees can commit, solving them can be as easy as educating employees and ramping up your IT team’s availability. Businesses that want to survive through the pandemic will need to find ways to deal with the threats above. One great way to start is by educating employees on cybersecurity best practices. Business leaders will also need to continually monitor their businesses to identify security loopholes that pose the most significant threats.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on  Germany-  0049 30217 82920 or Switzerland 0041 4350 830 59

Taking Your Data Analytics Program to the Next Level of Internal audit

 

Internal audit departments that pursue data analytics without fear will soon be expanding their capabilities and unlocking the powerful potential of what it can do. By now, most internal audit departments have at least dipped a toe in the waters of data analytics.

They are using data analysis techniques to find outliers in expense reporting that could raise red flags, to look for suppliers that have suspicious attributes or are at high risk for bribery, and for testing controls.

According to the 2018 PwC State of Internal Audit report, 82 per cent of internal audit functions surveyed say they have increased their investment in data mining and data analytics to facilitate monitoring of key trends and support continuous auditing.

As that report also states, however: “Many functions are finding their analytics programs stalled and in need of a jump start.” Indeed, many internal audit shops find it difficult to take their data analytics programs to the next level. They want to embed advanced analytics into everything they do. They want analytics to inform risk assessments, audit planning, and to be used in just about every audit.

So what’s holding them back? For one, internal audit departments are finding it hard to hire the talent they need with data analysis backgrounds and capabilities. Most chief audit executives will tell you that finding audit candidates with data analytics skills is never easy.

Another issue is time. Most internal audit departments are stretched thin and don’t have the time to devote to coming up to speed on new technologies, including data analytics, even if it would save time in the long term. Technology is moving so fast that some CAEs decide they can’t keep up with it all and throw up their hands.

Most internal audit departments, however, recognize the importance of initiating a more robust data analytics program. According to a study by internal audit consulting firm Protiviti, among internal audit teams not currently using advanced analytics, 19 percent plan to start using the tools in the next year, and another 47 percent plan to do so in the next two years.

So how can companies leverage data analytics to take their internal audit functions to the next level?

Here are seven steps that can help supercharge a data analytics program.

Seven ways to improve data analytics maturity:

1. Demonstrate the potential. When senior executives see the potential of what advanced data analytics can do, they will become more likely to provide increased budgets to fund the effort and managers may become less possessive of the data, which can be a big barrier to getting a data analytics program to the next level.

2. Name a data analytics champion. Internal audit functions with one or more dedicated analytics champions and dedicated analytics functions in place deliver more value, experience higher demand for their analytics services, and obtain better access to higher-quality data. Having champions could help organizations to bridge the gap between the analytics function and operational auditors. It also encourages the use of analytics, including basic usage by the whole team.

3. Get board and management support for data sharing. One of the biggest barriers to improving a data analytics program is getting access to quality data. CAEs should explore avenues to expand internal audit’s access to quality data. That may include appealing to senior executives and even the board to push the importance of providing access to data throughout the organization. A mandate from the CEO can do wonders to loosen the tight grip some process owners maintain on their data.

4. Don’t get caught up on data analytics tools. Some internal audit departments get sidetracked on what data analytics package to select. Most data analytics experts say start with something as simple as Excel and move on when it becomes limiting to what you want to accomplish. There’s no reason to increase the complexity with advanced tools before your team has a good understanding of the data and what it can tell you.

5. Think creatively about data sources. The answers you seek may not lie in the data that is right in front of you. Data analytics practitioners must identify new data sources, both internal and external, that can enhance internal audit’s view of risk across the organization. This can ensure that the organization will be able to supplement data analytics procedures with a supply of quality data.

6. Get stakeholder input. CAEs should seek ways to increase the level of input stakeholders provide when building and using data analytics models and continuous auditing tools. Process owners have the best understanding of the data and can be vital in helping to determine what data should be monitored.

7. Measure and report results. Finally, CAEs can implement steps to measure the success of your data analytics efforts and report success and value to management and other top stakeholders. Internal audit groups that successfully demonstrate tangible value are the ones that make a stronger business case for increased budgets and resources dedicated to a data analytics. In the process, this can also boost the internal audit department’s reputation.
Pursuing these areas can help get a data analytics program off the ground or help move a program that is in the infant stage along the curve. Remember, starting small is better than not starting at all, since it won’t be long before small successes provide momentum to advance the program. Experiment, think creatively and don’t be afraid to make mistakes. Internal audit departments that pursue data analytics without fear will soon be expanding their capabilities and unlocking the powerful potential of what it can do.

 

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on  Germany-  0049 30217 82920 or Switzerland 0041 4350 830 59

How Leveraging of Resources Can Assist You  in Gaining Needed Audit Skills

 

These days an internal auditor is required to be a jack-of-all-trades. To complete the diverse set of audits that cover every facet of the organization, the internal audit team must collectively possess a vast array of skills that run the gamut from traditional financial talents to marketing, HR, and technology expertise, among others.

New technologies, such as artificial intelligence, machine learning, robotic process automation, and many others are only increasing the need for internal audit to add skills and abilities to its repertoire. Internal auditors must understand what is happening inside these “black boxes” to ensure that the technologies are not subjecting the organization to unknown risks. Chief audit executives, in particular, must be careful to ensure that the use of emerging technologies throughout the organization is being audited and that internal audit departments have the technical abilities to conduct quality audits in such areas.

 

Changing and Emerging Risks

“Risks in the organization are constantly changing and new emerging risks require new areas of expertise to audit them.” “You would end up chasing your tail to trying to ensure all those skills are covered in-house. It makes more sense to ensure a foundation of skills among the internal auditors on the team, and then seek other expertise through co-sourcing or other arrangements.”

To be sure, there are a variety of ways to fill gaps in the skills and expertise contained in the internal audit team. Some include boosting the existing skills on the team, while others include leveraging resources from other areas inside the organization or seeking outside help.

Here are some ways to bolster the capabilities of the internal audit team to ensure the needed expertise is available to conduct audits in new or unfamiliar areas.

 

Training and Education

One of the best ways to improve the skills of the internal audit team and to add additional abilities is to require existing auditors to attending training sessions. Indeed, Training Institute offers a full array of courses in several areas including cybersecurity, data governance, data analytics, cloud security, and many more, that can bolster the abilities of any internal auditor. The Institute of Internal Auditors requires practising certified internal auditors to earn 40 continuing professional education (CPE) credit hours per year. (A recent requirement necessitates that two of those credits each year are focused on the area of ethics.)

Some organizations conduct “training weeks,” where time in the schedule is specifically set aside for training. Packaging Corporation of America, for example, holds training week each March, when all other business is put on hold to ensure internal auditors have time to gain training in needed areas. Through the week, the team looks back over lessons learned from the prior year, reviews the needs of the current audit plan, and holds group training sessions in needed areas.

 

Lunch and Learns

A cost-effective way to get more training and knowledge for internal auditors is to have it provided by experts inside the company. Many internal audit departments hold “lunch and learns,” where an expert at a line of business of function outside of internal audit is invited to speak to the department over lunch. The expert may be from a unit that is soon to be the subject of an audit, is particularly complex, or an expert in a particular technology. The sessions typically allow auditors to ask questions and learn more about that part of the business.

One of the benefits of a lunch and learn is Business managers get exposed to internal audit and vice versa in a very supportive setting, which can increase relationship building and build trust across both sides.

 

Guest Auditor

They are among the most cost-effective and efficient ways to bolster the capabilities of the internal audit department. But choosing the right person can be tricky. The best guest auditors will have deep knowledge of the process or function being audited, but not so senior that they compromise the independence of the auditor become defensive when the audit finds deficiencies or problems in their original unit.

Guest auditors facilitate audits and leverage their expertise, but they don’t typically lead them. Acting as advisors, the added benefit of the guest auditor is that when they return to their jobs they can see things from an internal audit perspective and become advocates for internal audit.

Some companies rotate operations personnel through internal audit in guest auditor roles so that they gain a better understanding of risk and controls and learn to see things from an assurance perspective. When they return to their jobs out in the business they are more aware of control problems and become better members of the “first-line” of defense.

 

Co-Sourcing

Co-sourced experts typically become part of the team for a particular audit or project. Among the best benefits of co-sourcing is that there is knowledge transfer from the outside experts to those on the internal audit team working along with them.

 

Outsourcing

Among the greatest benefits is that they can provide an independent and objective take on a process that internal audit may be too close to. For example, if the CAE is also the head of compliance, he or she may look to an outside firm to audit compliance to ensure an objective audit is completed.

It’s also important to note that outsourcing portions of internal audit does not absolve the internal audit team, the board of directors, or the organization from the responsibilities of ensuring that controls are in place and functioning and risks are being managed. As Richard Chambers, president and CEO of the IIA, put it in a blog post last year: The IIA believes, “oversight and responsibility for the internal audit activity cannot be outsourced.”

 

Promoting a Culture of Learning

This includes encouraging training and education, including providing time and covering expenses of attending training sessions or academic classes that improve individuals while they upgrade the skills of the team at large. It may also involve providing auditors time to seek learning or to experiment with different approaches, such as data analytics or other technologies.

It is also important to hire the type of internal auditors that continually seek out new challenges, love to learn new things, and demonstrate a curiosity about how things work. “These are life-long learners and that’s what you want on your internal audit team”. “The type of person who says they already know everything about internal audit there is to know… you can’t afford to have that person on your team.”

 

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on  Germany-  0049 30217 82920 or Switzerland 0041 4350 830 59

Why the Internal Audit career path is so brilliant?

 

Internal auditing is a profession with a long history, and it’s a function that continues to evolve with the swift pace of global regulatory changes and compliance challenges. Its internal auditors who are responsible for providing assurance on corporate governance, risk management, internal control and operations, in all types of business conditions.

So what are the most important aspects for taking the internal audit career path?

 

1. It’s in the corporate limelight

Internal auditors gain an in-depth, up-close understanding of the processes, policies and procedures of an organization. Partnering with management, they are able to provide invaluable operational knowledge and industry insights to companies, with frequent exposure to the board. That experience may shape the rest of their careers.

Financial services institutions also rely heavily on their internal audit teams to help secure transparency and accountability throughout their organizations. The more complex regulatory environment means businesses must balance revenue-generating activities with the need to meet regulatory directives, implement new capital structures and manage institutional risk.

Common responsibilities of an internal auditor include the following:

– Analysis of operations and procedures

– Compliance review

– Evaluation of internal controls

– Safeguard assurances

 

2. In Recurring Demand

The internal auditor is one of the in-demand finance and accounting positions in today’s hiring market. Risk and compliance concerns are driving hiring at many companies, particularly in highly regulated industries like banking, insurance, healthcare and financial services.

As organizations drives to improve internal controls and transparency, they are also looking for internal auditors and information technology (IT) auditors. Many are also willing to train to fill specific needs.

Potential jobs on the career path include entry-level internal auditors, such as auditing specialists, risk assessment specialists, lead internal auditors, financial analysts, internal controls auditors and information systems auditors. Other positions are lead internal auditors, such as senior internal auditors, and internal audit supervisors, such as audit managers, risk managers and internal audit directors. Finally, there are the internal audit executives, including finance directors, CFOs and controllers.

 

3. Salaries growth

The salary midpoint (or median national salary) for internal auditors in corporate accounting with up to a year of experience is $48,000. The compensation goes up to $73,500 after one to three years of experience, and $90,250 for a senior internal auditor, according to the Salary Guide. The salary midpoint for an internal auditor manager is expected to be $116,500, and for a chief audit executive or internal audit director, the Salary Guide estimates $185,250 salary at the midpoint.

The salaries listed in the Salary Guide reflect starting pay only and are based on actual placements throughout the United States, as well as an analysis of the market conditions. At the midpoint, candidates have average experience with the necessary skills to meet the job requirements.

 

4. Career path you can trust

The first step is to get your bachelor’s degree, which is required for any level of internal auditor. Many people start out in public accounting before they move to internal auditing. But others jump right in to the field and find that career progression from an entry-level internal auditing position can lead to management positions, such as chief audit executive on up to CEO.

As far as finance and accounting certifications that can be required later on, companies often look for candidates who have completed various certification programs, which require a combination of education, examination and work experience. Some of those designations include the following:

– Certified internal auditor (CIA)

– Certified fraud examiner (CFE)

– Certified public accountant (CPA)

– Certified information systems auditor (CISA)

– Certified government auditing professional (CGAP)

More and more organizations are finding out just how critical a role internal auditing plays in this world of global regulatory changes and rapidly emerging technologies. And more accounting and finance professionals are finding that this business-savvy role of internal auditing gives them key insights into the inner workings of companies, with skills that can transfer to other areas — and a compelling career path.

 

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on  Germany-  0049 30217 82920 or Switzerland 0041 4350 830 59

This week we take a look at how auditors have grown their careers historically through the gradual aquisition of certain key skillsets and attributes.

Critical Skills to Enhance Your Audit Career Path

What makes a great auditor?

What’s the perfect career path for an auditor?

Twenty years ago, answers to those questions were undoubtedly much different than they are today. Back then, a solid grasp of the ins and outs of internal audit could land you high on the career ladder.

In 2020, likely less so.

When 49% of current work activities could be automated using technology, it is ultimately the softer skills that will distinguish audit professionals in a highly demanding and rapidly-changing landscape. Want to improve the career path you are on as an auditor?

 

Here are the top 9  skills you should master today in order to help your audit career path grow:

Critical Thinking: Critical thinking skills are important for an audit career path. This type of reasoning requires that they step outside of their own judgments and biases in order to consider all perspectives, question the validity of each, and reach a conclusion.

As the Global Internal Audit Common Body of Knowledge (CBOK) study notes, “Critical thinking is the most sought-after skill by internal audit hiring managers, but generally, it is learned on the job through dedicated feedback and coaching from internal audit leaders.” 

 

Initiative

In any profession, employers want to know that their employees are eager to learn and develop. They value people who go above and beyond expectations to advance themselves and their knowledge.

For internal auditors, the willingness to take initiative and ownership over their own success is crucial. Passionately pursuing professional designations, certifications, and Continuing Professional Education (CPE) proves that they are not content to rest on their laurels, but instead, are eager to learn and evolve along with the profession.

 

Communication skills

Case in point: in a 2016 survey conducted by Workforce Solutions Group, communication skills were the top demand of hiring companies, yet two out of three employers cited a lack of these interpersonal skills in their job applicants. This serves as proof that internal auditors who are strong communicators will set themselves apart from any job competition.

“Internal auditors need to possess excellent communication skills in order to succeed and advance in the changing, complex international global marketplace,” writes Dr. Gene Smith, an accounting professor at Eastern New Mexico University, in an article published in Managerial Auditing Journal. “Auditors utilize communication skills in almost every situation they encounter.” 

 

Curiosity

As mentioned previously, the most successful internal auditors are not fulfilled with the status quo—they have an eye for continuous process improvement and how they can advance the profession in a business that is changing at an accelerated rate. Internal auditors should seek to not only refine their own skills, but also to understand, adapt to, and leverage emerging technologies.

Curiosity also means that these internal audit practitioners ruthlessly dig into problems in pursuit of an answer and solution. They are excited about a mystery, rather than being discouraged by it. “We want people who have a passion for truly understanding the business and a knack for remaining inquisitive within environments that can change on a weekly or even daily basis,” explains Kelly Barrett, Vice President of Internal Audit and Compliance for Home Depot.

“An open-minded auditor is nonpartisan and able to see the good practices, as well as the improvement areas,” writes Amanda Bradley, GlaxoSmithKline’s Director of Risk and Strategy. “This supports the development of the internal control framework, and means that the auditor is able to challenge on the best corrective actions to put in place because they have seen what good looks like.”

 

Healthy Skepticism

“[Skepticism] is an attitude that includes a questioning mind and a critical assessment of the appropriateness and sufficiency of audit evidence,”. “It requires being alert to conditions that may indicate possible misstatement due to error, neglect, or fraud, and a critical assessment of audit evidence.”

The best internal auditors trust nothing when reviewing financial documents and they conduct each review with a discerning eye and a high degree of vigilance, regardless of the specific circumstances.

 

Business acumen

In the 2018 North American Pulse of the Internal Audit Profession survey conducted by the IIA’s Audit Executive Center, business acumen was ranked as one of the most desirable skills by CAEs. Today’s practitioners need to know not only the numbers, they also need to know what role they play and why they matter to the business. Internal auditors do the legwork.

In short, professionals with the strongest career paths do not just do their jobs with excellence, but they also connect the dots to articulate the true business impact—which is the information that matters most to other stakeholders.

Empathy

For those on the receiving end, audits can be nerve-wracking, and skilled internal auditors must know how to empathize with the emotions of their clients or stakeholders while still maintaining their composure and remaining prudent. Not only does this competency set internal audit practitioners apart and allow them to deliver their findings in the most effective way, but it also leads to higher quality audits.

 

Executive presence

“Internal audit leaders must inform, educate, and influence stakeholders as well as earn their trust,” explains a release by a Big 4 firm. According to a recent study from PwC, 9 out of 10 very effective internal audit leaders excel in demonstrating executive presence.

 

Cross-functional training

As the Association of Chartered Certified Accountants states, auditors must “have an understanding of how laws and regulations affect an audit, not only in terms of the work the auditor is required to do, but also to appreciate the responsibilities of both management and the auditor where laws and regulations are concerned.”

Similarly, internal auditors work with a large amount of financial data, so they need to be equipped with the skills to analyze those numbers. Being able to manage data is a surefire way to stand out in a competitive field and labor market, especially since LinkedIn reports that data science is one of the top 25 most in-demand skills of 2019.

 

Prepare today to become the auditor of tomorrow

Today, the internal auditing profession is about more than being an investigator—these roles add real value to the business. However, that is far easier to prove if you supplement your technical skills with these in-demand soft skills.

Doing so makes you a better-rounded internal auditing professional, and it also helps you realize that automation isn’t something to fear. In fact, by automating the manual tasks that take time away from more proactive, value-added, and fulfilling activities, you can become the strategic and insightful internal auditor that your organization needs.

 

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on  Germany-  0049 30217 82920 or Switzerland 0041 4350 830 59

Why Internal Audit is a good career step?

The opportunities in this area at the moment are substantial, as many of the leading industry and financial services companies have learnt lessons from the downturn in the economy and are bulking up their Internal Audit functions to ensure their controls are much tighter and comprehensive. The fact is for some of the leading multinationals and PLC’s in Ireland, Internal Audit is a genuine opportunity for candidates to get in the door with a company of choice, with the view to moving internally in the short to medium term.

A highly regarded discipline within a finance function, internal audit (also known as operational and risk review) provides a process and business unit review service that adds to shareholder value by improving business and financial controls. If you choose to go down this route, the main purpose of your role is to review risk management, control and governance processes and then identify improvement opportunities.

You will then provide recommendations to drive change in the business. Internal audit addresses the entire range of operating activities and performs a wide variety of assurance and consulting services. It is an essential function of any business and is concerned with the financial workings of the entire organization. If you have a background in practice and have strong technical audit skills you are likely to do well in this role.

 

Here are the key reasons why Internal Audit is a good career step:

Increasing your operational and commercial knowledge of the business

Internal audit is a great entry point into an organization after working in practice. It’s a particularly popular route for those who want to utilize their current auditing skill set whilst gaining insight into the commercial side of a business. If you work in internal audit, you will generally have an excellent opportunity to travel.

Your time will be spent visiting each business area, reviewing their processes and procedures and understanding how they operate. You will have a real opportunity to get close to your business and gain a competitive understanding of it first-hand. You will also work closely with senior managers across a variety of operating units early on in your career. You will generally be at the heart of the business and facilitate improvements in conjunction with the management team.

 

Exposure to all levels of management

Your work will be highly visible to a much broader audience, including senior leadership, through your audit reports. In addition, audit in/out meetings gives you the opportunity to present yourself and your work product professionally to your peers and company leadership. Many companies use the independent internal audit function through operational audits to share best practices and look for value-add opportunities. Nothing can be more rewarding than making a difference and helping drive positive change. You get unprecedented exposure to all levels of management, so you learn what is involved in the different teams and sections. It provides you with the opportunity to make an informed decision on a career move once in the business, as opposed to assuming a specific role now is right for you.

 

See the international impact of your organization

Many companies have a strong international presence. Internal audit provides an opportunity to see the world and learn how diverse the international business environment can be. Also being exposed to different cultures and being adventures testing compliance and financial reporting risks in diverse environments. It will influence your thinking and refine your communication soft skills.

 

Way to top entities

Most PLC’s use Internal Audit as their ‘talent acquisition pool’. The internal Audit team has a flat structure and there is not a long term Internal Audit career path in place – it is simply a way of learning the business before moving into other areas of finance.

There are two main career paths for internal auditors. You can either:

– Continue to specialize and become the Head of Internal Audit

– Broaden your skill set and move on to become the for example the  Finance Manager and then Finance Director of a particular operating unit, or else a Plant Controller, or many other options!

 

Unpredictable situations and new experiences

Every audit is unique and dependent on the situations observed. You never know how the work will evolve.

You’re testing inventory controls one moment, and the next moment you’re in in Hong Kong investigating how your product got there when it was originally sold in Europe. Or you’re in Mexico trying to figure out what is causing inventory shrinkage controls to fail on the way across the border. You would have midnight calls with instructions to get on the next plane to China, not knowing why until you are there. While in Alaska, you discovered tens of thousands of dollars in petty cash and had to carry it back to the continental U.S.

 

Better work-life balance

Internal Audit differs significantly in comparison to an External Audit role in professional services; you are not being charged out per hour to a client, there is a lot more downtime, controlled project work and no month-end process. Equally, the hours in Internal Audit are often preferable to external audit – it’s common to work from 9am-5pm.

 

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on  Germany-  0049 30217 82920 or Switzerland 0041 4350 830 59

Earlier this year, The Internal Audit Code of Practice, aimed at strengthening corporate governance and prevent corporate collapse, calls for much more extensive access for internal auditors.

The professional association for internal auditors in the United Kingdom and Ireland had issued a draft version of a new “Code of Practice” that is said will promote more extensive access for internal auditors.

But after nearly 6 months after the initial announcement of this new code of practice- how has it been implemented in day to day business?

The draft, issued by the Chartered Institute of Internal Auditors, is intended to strengthen corporate governance among member’s organizations and to “help reduce the risk of major corporate collapses by boosting the status, standards, scope, and skills of internal audit,” the group said in a press statement on the proposed code.

The draft practise code comes in the wake of some high-profile corporate collapses in Britain, such a construction giant Carillion, café chain Patisserie Valerie, and wine and spirits retailer Conviviality. Last year, the Financial Reporting Council, a U.K. regulator, found that there had been a decline in quality across the “big four” auditors, and internal audit as a profession has also come under fire for not doing enough to shed light on problems at companies before it’s too late.

In effect, auditors were proposed to be granted the following:

No Restrictions

Many of the proposals included in the draft would elevate the reporting lines and authority of the function and improve access to information and documentation for internal auditors within organizations. “There should be no aspect of the organization which internal audit should be restricted from looking at as it delivers on its mandate. Whilst it is not the role of internal audit to second guess the decisions made by the board and its committees, its scope should include information presented to the board and its committees,” one of the proposed recommendations states.

The draft Internal Audit Code of Practice makes 30 recommendations in all to strengthen corporate governance, including:

– Unrestricted access for internal audit: Internal audit should not be stopped from looking at any part of the organization it serves.

– Full access for internal audit to senior meetings: Internal audit must have the right to attend board and executive committee meetings.

– Full access for internal audit to key management information: Internal audit must have timely access to key management information.

– Quality Assurance: Internal audit functions of sufficient size should develop a quality assurance and improvement program, with the work performed by individuals who are independent of the delivery of the audit.

The Chartered IIA’s proposed practice code would build on its current financial services code, which was published in 2013 in response to the banking collapse. According to the group, it will be the first time that businesses and organizations in the United Kingdom and Ireland, outside of the financial services sector, will be given “comprehensive benchmarks to meet and detailed guidance about running an effective internal audit function.”

 “There should be no aspect of the organization which internal audit should be restricted from looking at as it delivers on its mandate.”

    —Chartered Institute of Internal Auditors, Draft Practice Code

“The collapse of Carillion has led to a wide-ranging review of the U.K.’s corporate governance framework, including the audit regime. This creates challenges for internal audit, but equally it provides an opportunity to enhance the role of the internal audit profession as a cornerstone of good corporate governance,” wrote Brendan Nelson, audit committee chair of BP, in the forward to the draft. Nelson will head the steering committee set up to develop the Internal Audit Code of Practice. “The draft Code offers invaluable guidance about raising internal audit performance to help businesses and other organizations protect their assets, reputation, and sustainability,” he said in a separate statement.

Building on Success

The Chartered IIA noted that within two years the financial services version of the code had raised the scope and standing of internal audit in the banking sector, with the number of chief audit executives attending executive committees rising from 48 percent to 84 percent, and the number of organizations carrying out audit work on risk culture rising from 54 percent to 93 percent.

“The draft Internal Audit Code of Practice will build on the success of the Financial Services Code we launched in 2013, which raised the profile and effectiveness of internal audit,” said Ian Peters, chief executive of the Chartered IIA.

The committee will also consider whether the new code should include guidance on how and if internal audit should provide assurance where it had previously performed consulting services, as well as best practices in the outsourcing of internal audit work.

Today we ask what your experiences have been in your daily working life?

Have you seen improvements in your ability to get the information you require and access to the right people in order to generate a fully comprehensive audit report?

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on  Germany-  0049 30217 82920 or Switzerland 0041 4350 830 59

This week our colleagues have been discussing what are the critical points to consider when conducting investigations.

It is not intended to be an exhaustive list but gas been generated as a result of experienced fraud and forensic auditors.

It is difficult today to avoid news about allegations and subsequent investigations. First, it was a slew of high profile allegations about sexual misconduct—which continues. More recently, it’s about abuse of power in the government. And rarely a day goes by without some news of a financial fraud, bribery, or other scandal at companies around the globe. What we should all note from the news is that a failure to perform an appropriate investigation is a serious source of risk to any organization.

 

Here are five points to consider when an allegation of misconduct surface and an investigation is necessary to get to the bottom of it:

1.It is critical for any individual within the organization to be able to report suspected inappropriate behavior without fear of retaliation.

The apparent effort by members of the U.S. government to identify a whistleblower and then paint him or her as a political operative is unforgivable and probably illegal (these federal employees are protected by law).

Unfortunately, many people do not come forward because there is a credible fear—justified by several real life examples—of retaliation.

Here’s an example of just one: One woman who reported suspected wrongdoing by her manager to her company’s ombudsman, as required by company policy. However, her manager had started a disciplinary process against the whistleblower, triggered by that person’s refusal to perform what she believed to be corrupt acts demanded by the manager. The ombudsman was a senior member of the legal department who was advising the manager on the disciplinary process; he refused to open, let alone act on, the whistleblower’s complaint. Unfortunately, the whistleblower was fired, her allegations were never investigated, and her personal attorney failed to advise her properly on how to sue for damages. (Sadly, the only protection under federal law is when the whistleblower reports the suspected activity to the SEC. No protection against retaliation is provided when allegations are reported to the company’s ombudsman or hotline, following company policy.)

We also think about the women who have alleged inappropriate sexual activities by Supreme Court judges during the confirmation proceedings. They were not only identified by name but were publicly ridiculed.

These allegations, if there was to be a fair process, should have been conducted quietly by professional investigators with an open mind. They should not have been conducted in public. Frankly, as I look at the current impeachment inquiry involving the President, I have to wonder whether the process is appropriate. It should be much quieter and performed by objective professionals.

 

2.It is also critical that individuals outside the organization are able to report suspected wrongdoing by another organization’s employees.

We can recall a number of cases where vendors and customers gave us information that we investigated and determined there had been fraudulent acts. (The assessment of fraud is a legal determination, based on facts that we provide counsel.)

Few organizations, in our experience, have processes where vendors, customers, and others can report suspected inappropriate behavior by an employee of the company. When complaints are made, they generally end up in the wrong hands because the third party doesn’t know whom to tell.

 

3.Every allegation of wrongdoing should be considered and evaluated for a potential investigation. Before launching a formal investigation by any team, we look to see if there is predication. That is typically based on two questions, explored below.

One: If the allegation is true, would the actions represent a violation of law, company policy, or desired behaviors?

If not, we still consider whether it would be appropriate to conduct further inquiries; sometimes, the whistleblower did not explain the situation adequately and we have our suspicions.

If yes, then we determine who is responsible for the preliminary investigation, which is a process to see if a formal investigation should be opened. Sometimes it is internal audit, sometimes HR, and sometimes it could be another function like physical security or legal.

Two: Is there sufficient information and evidence that the allegation might be true?

Sometimes, we can fairly quickly determine that it is without foundation, in which case we document that and close the case.

There have been times where the allegation was too vague to investigate. If we can contact the complainant, we will try to elicit more information. If not, we flag the complainant, keeping it open and waiting to see if we receive more information at a later date.

 

4.All investigations should be conducted by trained (and certified, when possible) objective professionals.

Investigators (including myself) were either certified fraud examiners or had received appropriate formal training in investigations, interviewing, and interrogations. The investigation is to uncover related facts. Interpretation of those facts is a management function with advice from legal counsel. It is very easy, too easy, for investigators to form opinions that bias and taint the investigation. Every target of an investigation must be treated with respect and dignity throughout the investigation.

 

5.Internal audit should consider a periodic review to ensure all of the above and provide assurance to top management and the board that the allegation and investigation processes are appropriate.

Where internal audit itself is responsible for the whistleblower hotline or related processes, or investigating allegations, they should consider engaging a third party to perform a review and report the results to the board.

Following these five key points won’t ensure that every investigation goes smoothly, but it will go a long way to ensuring that they are carried out professionally, fairly, and with the best intentions at getting to the source of the problem and uncovering the truth.

 

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on  Germany-  0049 30217 82920 or Switzerland 0041 4350 830 59